When you use the Internet for your business, you face the task of protecting your Internet resource. Some small Internet-based companies believe that if they don’t store customer payment information on their web resource, no hacker attack can significantly harm their business. However, there are now attacks that indirectly affect every party involved, even when your resource was not the target of the attack.
Here is a list of just a few fairly common situations:
Apart from direct attacks, there are a number of indirect ones that make your web resource part of a larger attack on other companies and their websites.
Unlike direct attacks, which cause financial loss right away, indirect attacks have delayed consequences. When your web resource is used for these attacks, it gets added to a so-called reputation database as an attacker. Being in such a database harms the reputation of your company. In addition, search engines exclude websites from their databases if malicious software is detected on them. If you don’t detect the attack in time and don’t delete the malicious content, returning to the top of the search results will become a very hard and time-consuming task. While you’re working on it, you will be losing current and potential customers. Active protection, constant monitoring and timely attack detection can solve this problem. For these tasks, RST Cloud provides you with security analysis and monitoring mechanisms.
From tens to hundreds of thousands of users visit your web resource every day. Apart from human users, websites are also visited by web crawlers. Unfortunately, among both users and web crawlers there is a fair number of malicious ones. Some of them study your web resource, especially if it is built on WordPress, Joomla or Drupal, searching for vulnerabilities, and some are looking for an opportunity to post ads for other websites, goods or services. As mentioned before, these actions affect the reputation of your web resource among your users. When you decide whether to blacklist a user or a web crawler, it’s handy to know whether their IP address has been seen performing a malicious action. Reputation lists store malicious IP addresses. RST Cloud provides you with a number of reports that allow you to check your users against the reputation lists. The Malicious Bots report allows you to identify malicious visitors or web crawlers that disguise themselves as legitimate search engine crawlers while trying to perform illegal actions on your web resource.
Click each IP address to see all requests that have been made to your web resource from that address.
RST Cloud analytics also allow you to see which potential spammers visited your web resource and what actions they performed. For that purpose, we provide you with the Comments Spammers IPs report.
Apart from malicious web crawlers and spammers, it’s important to know the users whose IP addresses were used to perform attacks on other Internet resources. You can see these users and the list of requests they made in the Other Malicious IPs report.
At the moment RST Cloud is integrated with 15 external reputation databases, the information from which is updated every 24 hours.
Besides understanding user reputation from the security point of view, it’s important to detect and investigate attacks made on your web resource. RST Cloud analytics can detect and investigate attacks even if the malefactor managed to break in and cover their tracks by deleting the Apache, Nginx or IIS server logs. For attack detection and monitoring, RST Cloud provides you with the following mechanisms.
Because the signature and behavioural mechanisms work together, RST Cloud can detect not only well-known attacks but also 0-day attacks that are reflected, directly or otherwise, at the web server log level.
The results of the signature attack detection mechanism can be seen in the Security Attacks report. This report shows which attacks were detected and which requests contained the attack traces. Apart from attacks, RST Cloud detects the activity of more than 50 vulnerability scanners. Malefactors run these scanners to automatically find security weaknesses in your web resource.
Anomaly information is shown in the Security Anomalies report. This report contains all uncharacteristic requests to your website.
For attack investigation, it’s important to understand what the malefactor did and at what stage the attack was detected. By reconstructing the sequence of the attacker’s actions, you can not only detect a security breach but also recover your system after the malicious intrusion. For that, it is crucial to analyse the whole context of the attack, including the attack itself and all requests a few moments before and a few moments after it. For such investigations, RST Cloud provides a separate group of reports that allow deep analysis of the malefactor’s actions.
This group of reports allows you to:
Click an attack to see the attack context investigation report.
This report allows you to see all requests that the attacker made over the time period of 1 to 30 minutes during which the attack was performed. If you suspect that the malefactor changed IP address over the course of the attack, you can include requests from other users in the investigation context.
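The attack-context idea described above can be reproduced on your own access logs. The following is an added example, not RST Cloud's code: the log lines are constructed, the single signature is illustrative, and treating the 1 to 30 minute period as a window before and after each hit is an assumption.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:02:10 +0000] "GET /blog HTTP/1.1" 200 811 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:03:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:04:02 +0000] "GET /index.php?id=1%27%20UNION%20SELECT%201 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:04:30 +0000] "GET /uploads/x.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:11:30:00 +0000] "GET /contact HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Illustrative signature only; a real rule set is far larger.
SIGNATURE = re.compile(r"union\s+select|\.\./", re.IGNORECASE)

def parse(log_text):
    """Turn combined-format lines into dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, url, status = m.groups()
        events.append({"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
                       "method": method, "url": unquote(url), "status": int(status)})
    return events

def attack_context(events, minutes=5, extra_ips=()):
    """For each signature hit, return (hit, requests within +/- minutes of it)."""
    if not 1 <= minutes <= 30:
        raise ValueError("window must be between 1 and 30 minutes")
    window = timedelta(minutes=minutes)
    contexts = []
    for hit in (e for e in events if SIGNATURE.search(e["url"])):
        ips = {hit["ip"], *extra_ips}  # extra_ips: suspected address changes
        ctx = [e for e in events
               if e["ip"] in ips and abs(e["time"] - hit["time"]) <= window]
        contexts.append((hit, sorted(ctx, key=lambda e: e["time"])))
    return contexts

if __name__ == "__main__":
    for hit, ctx in attack_context(parse(SAMPLE_LOG), minutes=5):
        print("attack:", hit["ip"], hit["url"])
        for e in ctx:
            print("  ", e["time"].time(), e["method"], e["url"], e["status"])
```

Passing `extra_ips` widens the context to other addresses, which corresponds to including other users' requests when an address change is suspected.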